{"id":"CVE-2021-29045","details":"Cross-site scripting (XSS) vulnerability in the Redirect module's redirection administration page in Liferay Portal 7.3.2 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_redirect_web_internal_portlet_RedirectPortlet_destinationURL parameter.","aliases":["GHSA-qcv4-gv43-498v"],"modified":"2026-03-14T15:04:04.012524Z","published":"2021-05-17T11:15:07.243Z","references":[{"type":"ADVISORY","url":"http://liferay.com"},{"type":"ADVISORY","url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743484"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/liferay/liferay-portal","events":[{"introduced":"0515646c8f638f202d107469cc147172fc7685de"},{"last_affected":"f193301b2848899b008d51513af62a3b3a9b7888"}],"database_specific":{"versions":[{"introduced":"7.3.2"},{"last_affected":"7.3.5"}]}}],"versions":["7.3.2-ga3","7.3.3-ga4","7.3.4-ga5","7.3.5-ga6","test-fix-pack-base-7310"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29045.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.3-NA"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}